not necessarily. there are software emulation -- examples would be W^X on OpenBSD[1] and Grsecurity/PaX on linux[2]. Ubuntu[3] and RedHat[4] also has (partial) NX-emulation thanks to ExecShield.
As for OpenBSD and Linux without grsec/pax, one can bypass NX (whether the CPU has the NX-bit or not) by marking the region with the shellcode as executable, eg:
mprotect(shellcode & -pagesize, len, PROT_EXEC);
((void()()) shellcode)();
in an exploit this could be accomplished by ROPing
Right, but it doesn't change my statement that W^X is enforced by the kernel (meaning the kernel sets all of the program pages to have the right bitset). Not to mention that it was (is?) emulated in software for some kernels.
https://en.wikipedia.org/wiki/NX_bit